1. (original) A method for broadcast encryption, comprising:

assigning each user in a group of users respective private information $I_u$;
selecting at least one session encryption key K;

partitioning users not in a revoked set R into disjoint subsets $S_{i_1}, \ldots, S_{i_m}$ having associated
subset keys $L_{i_1}, \ldots, L_{i_m}$; and

encrypting the session key K with the subset keys $L_{i_1}, \ldots, L_{i_m}$ to render m encrypted versions
of the session key K.

2. (original) The method of Claim 1, further comprising partitioning the users into groups
$S_1, \ldots, S_w$, wherein "w" is an integer, and the groups establish subtrees in a tree.

3. (original) The method of Claim 2, wherein the tree is a complete binary tree. 

4. (original) The method of Claim 1, further comprising using private information $I_u$ to decrypt
the session key.

5. (original) The method of Claim 4, wherein the act of decrypting includes using information
$i_j$ such that a user belongs to a subset $S_{i_j}$, and retrieving a subset key $L_{i_j}$ using the private information of the
user.



PAGE 2^2 * RCVD AT 10/18/2004 1:43:00 PM [Eastern Daylight Time] * SVR:USPT0-EFXRF-1/2 * DNIS:8729306 * CSID:161933»078 * DURATION (mm-ss):04-30 



FROM ROGITZ 619 338 8078 



(MON)OCT 1 8 2004 1 0 : 43/ST. 1 0 : 42/No. 6833031 230 P 3 



CASE NO.: ARC9-2001-0005-US1 PATENT 
Serial No.: 09/770,877 Filed: January 26, 2001

October 18, 2004 
Page 3 



6. (original) The method of Claim 2, wherein each subset $S_{i_1}, \ldots, S_{i_m}$ includes all leaves in a
subtree rooted at some node $v_i$, at least each node in the subtree being associated with a respective subset key.

7. (original) The method of Claim 6, wherein content is provided to users in at least one message
defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein r is the
number of users in the revoked set R and N is the total number of users.

8. (original) The method of Claim 6, wherein each user must store log N keys, wherein N is 
the total number of users. 

9. (original) The method of Claim 6, wherein content is provided to users in at least one 
message, and wherein each user processes the message using at most log log N operations plus a single 
decryption operation, wherein N is the total number of users. 

10. (original) The method of Claim 6, wherein the revoked set R defines a spanning tree, and 
subtrees having roots attached to nodes of the spanning tree define the subsets. 

11. (original) The method of Claim 2, wherein the tree includes a root and plural nodes, each
node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at
some node $v_i$ that are not in the subtree rooted at some other node $v_j$ that descends from $v_i$.

12. (original) The method of Claim 11, wherein content is provided to users in at least one
message defining a header, and the header includes at most 2r-1 subset keys and encryptions, wherein r is
the number of users in the revoked set R.

13. (original) The method of Claim 11, wherein each user must store $.5\log^2 N + .5\log N + 1$
keys, wherein N is the total number of users.



14. (original) The method of Claim 11, wherein content is provided to users in at least one 
message, and wherein each user processes the message using at most log N operations plus a single 
decryption operation, wherein N is the total number of users. 

15. (original) The method of Claim 11, wherein the revoked set R defines a spanning tree, and
wherein the method includes:

initializing a cover tree T as the spanning tree; 

iteratively removing nodes from the cover tree T and adding nodes to a cover until the cover 
tree T has at most one node. 

16. (original) The method of Claim 11, wherein each node has at least one label possibly induced
by at least one of its ancestors, and wherein each user is assigned labels from all nodes hanging from a direct
path between the user and the root but not from nodes in the direct path.

17. (original) The method of Claim 16, wherein labels are assigned to subsets using a
pseudorandom sequence generator, and the act of decrypting includes evaluating the pseudorandom sequence 
generator. 



18. (original) The method of Claim 1, wherein content is provided to users in at least one message
having a header including a cryptographic function $E_L$, and the method includes prefix-truncating the
cryptographic function $E_L$.

19. (original) The method of Claim 2, wherein the tree includes a root and plural nodes, each
node having an associated key, and wherein each user is assigned keys from all nodes in a direct path between
a leaf representing the user and the root.
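
An added Python illustration, not part of the claims or of any code by the applicant, of the complete-subtree arrangement recited in Claims 6 through 10 together with the path-key assignment of Claim 19: the cover is the set of subtrees hanging off the tree spanned by the revoked leaves, and each receiver holds the keys on its own path to the root. The heap numbering of nodes, the derivation of node keys from a single master secret, and the HMAC/XOR wrap standing in for the key-encryption cipher are assumptions of this example.

```python
import hashlib
import hmac

def path_nodes(leaf, n):
    """Heap-numbered nodes on the direct path from a leaf to the root.
    Root is node 1; the n leaves (n a power of two) are nodes n..2n-1."""
    v, path = n + leaf, []
    while v >= 1:
        path.append(v)
        v //= 2
    return path

def complete_subtree_cover(n, revoked):
    """Roots of the subtrees that hang off the tree spanned by the revoked leaves."""
    if not revoked:
        return [1]                      # nobody revoked: the whole tree is one subset
    spanning = set()
    for leaf in revoked:
        spanning.update(path_nodes(leaf, n))
    cover = []
    for v in sorted(spanning):
        if v < n:                       # internal node: inspect both children
            cover += [c for c in (2 * v, 2 * v + 1) if c not in spanning]
    return cover

def node_key(master, v):
    # Assumption: the center derives every node key from one master secret.
    return hmac.new(master, b"node-key:%d" % v, hashlib.sha256).digest()

def wrap(subset_key, nonce, data):
    # Toy stand-in for the key-encryption cipher: XOR with an HMAC-derived pad.
    # It is its own inverse and carries no integrity check.
    pad = hmac.new(subset_key, b"wrap:" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def build_header(master, n, revoked, session_key, nonce):
    """One encrypted copy of the 32-byte session key per subset in the cover."""
    return {v: wrap(node_key(master, v), nonce, session_key)
            for v in complete_subtree_cover(n, revoked)}

def receiver_keys(master, leaf, n):
    """Private information of one receiver: keys of the nodes on its path."""
    return {v: node_key(master, v) for v in path_nodes(leaf, n)}

def receiver_decrypt(keys, header, nonce):
    """Return the session key, or None if no header entry matches a held key."""
    for v, wrapped in header.items():
        if v in keys:
            return wrap(keys[v], nonce, wrapped)
    return None

if __name__ == "__main__":
    N, R = 8, {2, 5}                    # constructed sample: 8 receivers, 2 revoked
    master, nonce, K = b"\x01" * 32, b"\x02" * 16, b"\x03" * 32
    header = build_header(master, N, R, K, nonce)
    print("cover roots:", sorted(header))
    for u in range(N):
        ok = receiver_decrypt(receiver_keys(master, u, N), header, nonce) == K
        print("receiver", u, "decrypts" if ok else "locked out")
```

With N = 8 and r = 2 the header carries four wrapped keys, which meets the r*log(N/r) bound of Claim 7 with equality.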

20. (original) The method of Claim 1, wherein content is provided to users in at least one message
defining plural portions, and each portion is encrypted with a respective session key.

21. (original) A computer program device, comprising: 

a computer program storage device including a program of instructions usable by a computer, 
comprising: 



logic means for accessing a tree to identify plural subset keys; 



logic means for encrypting a message with a session key; 




logic means for encrypting the session key at least once with each of the subset keys to render 
encrypted versions of the session key; and 

logic means for sending the encrypted versions of the session key in a header of the message
to plural stateless receivers. 

22. (original) The computer program device of Claim 21, further comprising: 

logic means for partitioning receivers not in a revoked set R into disjoint subsets $S_{i_1}, \ldots, S_{i_m}$
having associated subset keys $L_{i_1}, \ldots, L_{i_m}$.

23. (original) The computer program device of Claim 22, further comprising logic means for
partitioning the users into groups $S_1, \ldots, S_w$, wherein "w" is an integer, and the groups establish subtrees in
a tree.

24. (original) The computer program device of Claim 21, further comprising logic means for
using private information $I_u$ to decrypt the session key.

25. (original) The computer program device of Claim 24, wherein the means for decrypting
includes logic means for using information $i_j$ such that a receiver belongs to a subset $S_{i_j}$, and retrieving a key
$L_{i_j}$ from the private information of the receiver.

26. (original) The computer program device of Claim 23, wherein each subset $S_{i_1}, \ldots, S_{i_m}$ includes
all leaves in a subtree rooted at some node $v_i$, at least each node in the subtree being associated with a
respective subset key.

27. (original) The computer program device of Claim 26, wherein logic means provide content 
to receivers in at least one message defining a header, and the header includes at most r*log(N/r) subset keys 
and encryptions, wherein r is the number of receivers in the revoked set R and N is the total number of 
receivers. 

28. (original) The computer program device of Claim 26, wherein each receiver must store log 
N keys, wherein N is the total number of receivers. 

29. (original) The computer program device of Claim 26, wherein logic means provide content 
to receivers in at least one message, and wherein each receiver processes the message using at most log log 
N operations plus a single decryption operation, wherein N is the total number of receivers.

30. (original) The computer program device of Claim 26, wherein the revoked set R defines a
spanning tree, and subtrees having roots attached to nodes of the spanning tree define the subsets. 

31. (original) The computer program device of Claim 23, wherein the tree includes a root and
plural nodes, each node having at least one associated label, and wherein each subset includes all leaves in
a subtree rooted at some node $v_i$ that are not in the subtree rooted at some other node $v_j$ that descends from
$v_i$.

32. (original) The computer program device of Claim 31, wherein logic means provide content
to receivers in at least one message defining a header, and the header includes at most 2r-1 subset keys and
encryptions, wherein r is the number of receivers in the revoked set R.

33. (original) The computer program device of Claim 31, wherein each receiver must store
$.5\log^2 N + .5\log N + 1$ keys, wherein N is the total number of receivers.

34. (original) The computer program device of Claim 31, wherein logic means provide content 
to receivers in at least one message, and wherein each receiver processes the message using at most log N 
operations plus a single decryption operation, wherein N is the total number of receivers. 

35. (original) The computer program device of Claim 31, wherein the revoked set R defines a
spanning tree, and wherein the computer program device includes:

logic means for initializing a cover tree T as the spanning tree; and 
logic means for iteratively removing nodes from the cover tree T and adding nodes to a cover 
until the cover tree T has at most one node. 




36. (original) The computer program device of Claim 35, wherein logic means assign labels to 
receivers using a pseudorandom sequence generator, and the labels induce subset keys. 

37. (original) The computer program device of Claim 36, wherein the means for decrypting 
includes evaluating the pseudorandom sequence generator. 

38. (original) The computer program device of Claim 21, wherein logic means provide content
to receivers in at least one message having a header including a cryptographic function $E_L$, and the
computer program device includes logic means for prefix-truncating the cryptographic function $E_L$.

39. (original) The computer program device of Claim 23, wherein the tree includes a root and 
plural nodes, each node having an associated key, and wherein logic means assign each receiver keys from 
all nodes in a direct path between a leaf representing the receiver and the root. 

40. (original) The computer program device of Claim 21, wherein logic means provide content 
to receivers in at least one message defining plural portions, and each portion is encrypted with a respective 
session key. 

41. (previously presented) A computer programmed with instructions to cause the computer to 
execute method acts including: 

encrypting broadcast content; and 
sending the broadcast content to plural stateless receivers and to at least one revoked receiver
such that each stateless receiver can decrypt the content and the revoked receiver cannot decrypt the
content.

42. (original) The computer of Claim 41, wherein the method acts further comprise: 
assigning each receiver in a group of receivers respective private information $I_u$;
selecting at least one session encryption key K;

partitioning all receivers not in a revoked set R into disjoint subsets $S_{i_1}, \ldots, S_{i_m}$ having
associated subset keys $L_{i_1}, \ldots, L_{i_m}$; and

encrypting the session key K with the subset keys $L_{i_1}, \ldots, L_{i_m}$ to render m encrypted versions
of the session key K.

43. (original) The computer of Claim 41, wherein the method acts undertaken by the computer
further comprise partitioning the users into groups $S_1, \ldots, S_w$, wherein "w" is an integer, and the groups
establish subtrees in a tree.

44. (original) The computer of Claim 43, wherein the tree is a complete binary tree.
44. (canceled).

45. (original) The computer of Claim 44, wherein the act of decrypting undertaken by the
computer includes using information $i_j$ such that a receiver belongs to a subset $S_{i_j}$, and retrieving a key $L_{i_j}$
using the private information of the receiver.

46. (original) The computer of Claim 43, wherein each subset $S_{i_1}, \ldots, S_{i_m}$ includes all leaves in a
subtree rooted at some node $v_i$, at least each node in the subtree being associated with a respective subset key.

47. (original) The computer of Claim 46, wherein content is provided to receivers in at least one
message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein
r is the number of receivers in the revoked set R and N is the total number of receivers.

48. (original) The computer of Claim 46, wherein each receiver must store log N keys, wherein 
N is the total number of receivers. 

49. (original) The computer of Claim 46, wherein content is provided to receivers in at least one 
message, and wherein each receiver processes the message using at most log log N operations plus a single 
decryption operation, wherein N is the total number of receivers. 

50. (original) The computer of Claim 46, wherein the revoked set R defines a spanning tree, and 
subtrees having roots attached to nodes of the spanning tree define the subsets. 

51. (original) The computer of Claim 43, wherein the tree includes a root and plural nodes, each
node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at
some node $v_i$ that are not in the subtree rooted at some other node $v_j$ that descends from $v_i$.

52. (original) The computer of Claim 51, wherein content is provided to receivers in at least one
message defining a header, and the header includes at most 2r-1 subset keys and encryptions, wherein r is
the number of receivers in the revoked set R.

53. (original) The computer of Claim 51, wherein each receiver must store $.5\log^2 N + .5\log N + 1$
keys, wherein N is the total number of receivers.

54. (original) The computer of Claim 51, wherein content is provided to receivers in at least one 
message, and wherein each receiver processes the message using at most log N operations plus a single 
decryption operation, wherein N is the total number of receivers. 

55. (original) The computer of Claim 51, wherein the revoked set R defines a spanning tree, and
wherein the method acts undertaken by the computer further include: 

initializing a cover tree T as the spanning tree; 

iteratively removing nodes from the cover tree T and adding nodes to a cover until the cover 
tree T has at most one node. 

56. (original) The computer of Claim 55, wherein the computer assigns node labels to receivers
from the tree using a pseudorandom sequence generator.

57. (original) The computer of Claim 56, wherein the act of decrypting undertaken by the 
computer includes evaluating the pseudorandom sequence generator. 

58. (original) The computer of Claim 41, wherein content is provided to receivers in at least one
message having a header including a cryptographic function $E_L$, and the method acts undertaken by the
computer include prefix-truncating the cryptographic function $E_L$.

59. (original) The computer of Claim 41, wherein content is provided to receivers in at least one
message defining plural portions, and each portion is encrypted by the computer with a respective session
key.

60. (original) The method of Claim 11, wherein each node has plural labels with each ancestor
of the node inducing a respective label, and wherein each user is assigned labels from all nodes hanging from
a direct path between the user and the root but not from nodes in the direct path.

61. (original) A method for broadcast encryption, comprising: 

assigning each user in a group of users respective private information $I_u$;
selecting at least one session encryption key K;

partitioning all users into groups $S_1, \ldots, S_w$, wherein "w" is an integer, and the groups establish
subtrees in a tree;

partitioning users not in a revoked set R into disjoint subsets $S_{i_1}, \ldots, S_{i_m}$ having associated
subset keys $L_{i_1}, \ldots, L_{i_m}$; and

encrypting the session key K with the subset keys $L_{i_1}, \ldots, L_{i_m}$ to render m encrypted versions
of the session key K, wherein the tree includes a root and plural nodes, each node having at least one
associated label, and wherein each subset includes all leaves in a subtree rooted at some node $v_i$ that
are not in the subtree rooted at some other node $v_j$ that descends from $v_i$.

65. (previously presented) A receiver of content, comprising:
means for storing respective private information $I_u$;

means for receiving at least one session encryption key K encrypted with plural subset keys, 
the session key encrypting content; and 

means for obtaining at least one subset key using the private information such that the session 
key K can be decrypted to play the content, wherein the receiver receives content in at least one 
message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, 
wherein r is the number of receivers in a revoked set R and N is the total number of receivers. 

66. (original) The receiver of Claim 65, wherein the receiver is partitioned into one of a set of
groups $S_1, \ldots, S_w$, wherein "w" is an integer, and the groups establish subtrees in a tree defining nodes and
leaves.

67. (original) The receiver of Claim 66, wherein subsets $S_{i_1}, \ldots, S_{i_m}$ derived from the set of groups
$S_1, \ldots, S_w$ define a cover.

68. (canceled).

69. (original) The receiver of Claim 67, wherein the receiver must store log N keys, wherein N 
is the total number of receivers. 

70. (previously presented) A receiver of content, comprising: 
means for storing respective private information $I_u$;

means for receiving at least one session encryption key K encrypted with plural subset keys, 
the session key encrypting content; and 

means for obtaining at least one subset key using the private information such that the session 
key K can be decrypted to play the content, wherein the receiver receives content in at least one 
message defining a header, and wherein the receiver processes the message using at most log log N 
operations plus a single decryption operation, wherein N is the total number of receivers.

71. (original) The receiver of Claim 67, wherein a revoked set R defines a spanning tree, and 
subtrees having roots attached to nodes of the spanning tree define the subsets. 

72. (original) The receiver of Claim 67, wherein the tree includes a root and plural nodes, each
node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at
some node $v_i$ that are not in the subtree rooted at some other node $v_j$ that descends from $v_i$.

73. (previously presented) A receiver of content, comprising:
means for storing respective private information $I_u$;

means for receiving at least one session encryption key K encrypted with plural subset keys, 
the session key encrypting content; and 

means for obtaining at least one subset key using the private information such that the session 
key K can be decrypted to play the content, wherein the receiver receives content in a message having 
a header including at most 2r-1 subset keys and encryptions, wherein r is the number of receivers in
the revoked set R. 

74. (previously presented) A receiver of content, comprising: 
means for storing respective private information $I_u$;

means for receiving at least one session encryption key K encrypted with plural subset keys, 
the session key encrypting content; and 

means for obtaining at least one subset key using the private information such that the session 
key K can be decrypted to play the content, wherein the receiver must store $.5\log^2 N + .5\log N + 1$
keys, wherein N is the total number of receivers. 

75. (previously presented) A receiver of content, comprising:
means for storing respective private information $I_u$;

means for receiving at least one session encryption key K encrypted with plural subset keys, 
the session key encrypting content; and 

means for obtaining at least one subset key using the private information such that the session 
key K can be decrypted to play the content, wherein content is provided to the receiver in at least one 
message, and wherein the receiver processes the message using at most log N operations plus a single 
decryption operation, wherein N is the total number of receivers. 

76. (original) The receiver of Claim 72, wherein the receiver decrypts the subset key by 
evaluating a pseudorandom sequence generator. 

77. (previously presented) A receiver of content, comprising: 
a data storage storing respective private information $I_u$;

a processing device receiving at least one session encryption key K encrypted with plural 
subset keys, the session key encrypting content, the processing device obtaining at least one subset 
key using the private information such that the session key K can be decrypted to play the content, 
wherein the receiver receives content in at least one message defining a header, and wherein the 
receiver processes the message using at most log log N operations plus a single decryption operation, 
wherein N is the total number of receivers. 

78. (original) The receiver of Claim 77, wherein the receiver is partitioned into one of a set of
groups $S_1, \ldots, S_w$, wherein "w" is an integer, and the groups establish subtrees in a tree.

79. (original) The receiver of Claim 78, wherein subsets $S_{i_1}, \ldots, S_{i_m}$ derived from the set of groups
$S_1, \ldots, S_w$ define a cover.

80. (original) The receiver of Claim 79, wherein the receiver receives content in at least one
message defining a header, and the header includes at most r*log(N/r) subset keys and encryptions, wherein
r is the number of receivers in a revoked set R and N is the total number of receivers.

81. (original) The receiver of Claim 79, wherein the receiver must store log N keys, wherein N
is the total number of receivers.

82. (canceled).

83. (original) The receiver of Claim 79, wherein one revoked set R defines a spanning tree, and
subtrees having roots attached to nodes of the spanning tree define the subsets.

84. (original) The receiver of Claim 79, wherein the tree includes a root and plural nodes, each
node having at least one associated label, and wherein each subset includes all leaves in a subtree rooted at
some node $v_i$ that are not in the subtree rooted at some other node $v_j$ that descends from $v_i$.

85. (original) The receiver of Claim 84, wherein the receiver receives content in a message having
a header including at most 2r-1 subset keys and encryptions, wherein r is the number of receivers in the
revoked set R.

86. (original) The receiver of Claim 84, wherein the receiver must store $.5\log^2 N + .5\log N + 1$
keys, wherein N is the total number of receivers.

87. (original) The receiver of Claim 84, wherein content is provided to the receiver in at least 
one message, and wherein the receiver processes the message using at most log N operations plus a single 
decryption operation, wherein N is the total number of receivers. 

88. (original) The receiver of Claim 84, wherein the receiver decrypts the subset key by 
evaluating a pseudorandom sequence generator. 

89-94 (canceled). 

95. (original) The computer of Claim 42, wherein the act of partitioning is undertaken by a 
system computer in a system of receivers separate from the system computer. 

96. (original) The computer of Claim 42, wherein the act of partitioning is undertaken by a
receiver computer.

97. (original) The receiver of Claim 67, wherein the receiver derives the subsets in the cover.

98. (new) The computer of Claim 41, wherein the method acts include using private information
$I_u$ to decrypt the session key.